The latest in the Wall Street Journal's series on online privacy
targets Facebook
and Facebook app makers like Zynga.

Until now, the WSJ series has mostly been hysterical screaming
about things most people know and don't care about. At first
glance, however, these latest findings sound more serious.

According to the WSJ, Facebook apps are freely handing out
users' private info to advertisers, including names--even for
Facebook accounts that are set to be fully private:

Many of the most popular applications, or "apps," on the
social-networking site Facebook Inc. have been transmitting
identifying information—in effect, providing access to people's
names and, in some cases, their friends' names—to dozens of
advertising and Internet tracking companies, a Wall Street
Journal investigation has found.

The issue affects tens of millions of Facebook app users,
including people who set their profiles to be completely private.
The practice breaks Facebook's rules, and renews questions about
its ability to keep identifiable information about its users'
activities secure.

The info being shared is each users' "Facebook ID," which can be
used to determine the person's name (in every case) and any
information they have shared with other users (when the account
isn't fully private).

The apps the WSJ tracked shared this information with at least 25
third-party advertising and data companies. At least one of
these companies, Rapleaf, then matched this data with data in its
own database and sold it.

Since the WSJ notified Facebook of the results of its
investigation, Facebook has shut down some of the smaller apps
that were passing on user IDs (but not Zynga). An
unidentified Facebook spokesperson also says Facebook is trying
to figure out ways to make sure this doesn't keep happening.

Zynga, for its part, appears to be suggesting that the sharing of
info was inadvertent: "A Zynga spokeswoman said, 'Zynga has
a strict policy of not passing personally identifiable
information to any third parties. We look forward to working with
Facebook to refine how web technologies work to keep people in
control of their information.'"

UPDATE: Some observers, including Jeff Jarvis, immediately
ridiculed these findings, saying that the Wall Street Journal was
just once again "declaring war on the Internet" by describing
common online practices that are no different than what goes on
in the offline world. And that may be the case. But
these latest findings, we suspect, will still freak people
out. And Facebook's reaction, at least, wasn't "Oh, relax,
everyone does this," but that it would try to figure out how to
stop it.

(Jeff
also asked whether we thought this was a "conspiracy" between
Facebook, Zynga, et al, or just an "error." We definitely don't
think it's a conspiracy. We don't even really think it is an
"error." We suspect it's just the WSJ shining a light on
something that has been happening under the radar without anyone
paying attention to it. We suspect that some people will
now begin paying attention to it, which could lead to some
changes.)